Effective
Professional
Affordable



InfoSec in the News

Many of these news stories could have been prevented with an effective security awareness program or they promote the use of security awareness.
Also visit our News Archives for older stories

Subscribe to the following e-mail lists for even more stories:

SANS NewsBites

SC Magazine Newswire

Security Wire Digest

Sophos Virus News

7 April 2008 - Lost Disk Holds Data on 370,000 HSBC Customers
The UK's Financial Services Authority will investigate the loss of a disk containing personally identifiable information of 370,000 HSBC customers. The compromised data include names, dates of birth, and life insurance information, but no bank account information. The disk was being sent from HSBC to a reinsurance firm. The disk was not encrypted. Normally, the data are transferred electronically, but because the system was down, HSBC sent the information on disk through the post.
http://www.vnunet.com/vnunet/news/2213667/hsbc-lose-370-customer-details

7 April 2008 - Pfizer Data Security Breach
Pfizer has experienced another data security breach. A laptop stolen from a contractor's home contains personally identifiable information of approximately 800 current and former Pfizer employees and contractors. The data include names, credit card numbers, and card expiration numbers. The theft occurred on February 7, 2008; an incident
notification letter the company sent to attorneys general in several states was dated March 19. In 2007, Pfizer suffered four data security breaches that compromised personally identifiable information of more than 52,000 individuals.
http://www.theday.com/re.aspx?re=6b8c60cf-8fa2-43f1-9238-6dba8792cfa3

3 April 2008 - Software Engineer Indicted for Theft of Trade Secrets
Hanjuan Jin, a former software for a Chicago-based telecommunications company, has been indicted for allegedly stealing trade secrets from a telecommunications company and attempting to take the data to China. When her luggage was searched at O'Hare International Airport in Chicago, authorities discovered confidential technical documents and computer memory devices holding documents that belong to an unnamed company. Customs agents retained the documents and equipment. The intellectual property in the case is estimated to be worth US $600 million.
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207001607

7 April 2008 - Kraken Botnet Twice as Large as Storm
The Kraken botnet is believed to be more than twice the size of the Storm botnet. Just 20 percent of antivirus (AV) packages are presently detecting Kraken, which comprises more than 400,000 zombie machines; Kraken is hard to detect because its code morphs. Researchers are still trying to determine how Kraken works its way into apparently
well-fortified systems. One known technique it uses is to copy itself to infected computers' hard drives in an altered form that can be used to reinfect the machine if AV programs are eventually able to identify the original file. The Kraken botnet is used primarily to send spam. Internet Storm Center:
http://isc.sans.org/diary.html?storyid=4256

7 April 2008 - NIH Workers May Not Store Sensitive Data on MacBooks
A National Institutes of Health (NIH) agency memo forbids employees from storing sensitive data on MacBook laptop computers. As of April 4, all NIH laptops running Windows or Linux operating systems must have the Pointsec encryption tool; Windows Vista users may also use that operating system's BitLocker disk encryption tool. There is presently a beta version of Pointsec for MacBooks, but not an approved version. The ban on MacBooks holding sensitive data applies to contractors as well as in-house employees.
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207001840

3 April - US Legislator's Data is on Missing NIH Computer
A US legislator whose personal information is on a laptop computer stolen from a National Institute of Health (NIH) researcher's car wants the inspector general at the Department of Health and Human Services to conduct an investigation. Among the questions Representative Joe Barton (R-Tex.) wants answered is whether or not NIH has an effective means of contacting individuals affected by such a breach; at least one person did not learn his information was on the computer until he contacted NIH himself. It is also unclear whether or not the laptop was encrypted and why the initial estimate of affected individuals fell short by 500.
http://www.washingtonpost.com/wp-dyn/content/article/2008/04/02/AR2008040203371_pf.html

1 April 2008 - Laptop Hacked in Contest Makes Brief Appearance on eBay
The man who won a laptop computer he hacked in a contest at the CanSecWest conference last week made a short-lived attempt to sell the machine on eBay. Shane Macaulay had offered the Fujitsu U810 Windows Vista-equipped laptop, saying that it was possible his exploit code could be derived from the machine. eBay removed the listing because they do not allow the sale of "anything that would do harm." Macaulay also received a US $5,000 cash prize for his successful hack of the computer. Macaualy's attack exploited a flaw in Adobe Flash Player. Adobe researchers say they knew of the flaw before Macaulay's attack and that they plan to patch it later this month.
http://www.nytimes.com/idg/IDG_002570DE00740E180025741E005FFB74.html?ref=technology&pagewanted=print

26 March 2008 - 42 Months in Prison for Data Theft and Card Fraud
Former Compass Bank programmer James Kevin Real was sentenced to 42 months in prison for stealing a hard drive containing customer data and using them to commit identity fraud. Real was also ordered to repay more than US $32,000 that he and an accomplice stole from customers' accounts. Real used the stolen data to create 250 phony debit cards; he used 45 of them to commit fraud. Court documents indicate the data were stolen in May 2007 and that the fraud occurred in June and July 2007. Alabama is just one of 11 states that do not require consumer
notification of personal data breaches.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&article
Id=9072198&source=rss_topic17

24 March 2008 - Stolen Laptop Holds NIH Clinical Trial Data
A laptop computer containing unencrypted personal information of 2,500 National Institutes of Health (NIH) study participants was stolen from a locked car trunk in February. NIH waited nearly a month before notifying affected individuals. The clinical trial information includes names, diagnoses, hospital medical record numbers and MRI data, but no Social Security numbers (SSNs) or financial information. Government policy requires that portable electronic devices have encryption software. An NIH statement indicates that the agency is taking steps to ensure that all devices have encryption and that personally identifiable information not be stored on laptops.
http://www.washingtonpost.com/wp-dyn/content/article/2008/03/23/AR2008032301753_pf.html

22 Match 2008 - Stolen Computer Holds Unencrypted Agilent Employee Data
Agilent Technologies has sent letters to 51,000 current and former employees notifying them that their personally identifiable information was on a laptop computer that was stolen on March 1. The unencrypted data include names, addresses, SSNs, and stock option information. The laptop was stolen from a vendor's car; Agilent's letter places the blame on that vendor - Stock & Option Solutions - for not encrypting the data. A former employee who received a notification letter said, "Agilent should have put all of the data into an encrypted format to begin with."
http://www.mercurynews.com/peninsula/ci_8660115

20 March 2008 - Former Employee Gets Probation for Destructive Cyber Intrusion
Joseph Patrick Nolan was sentenced to four years probation for breaking into his former employer's computer system and destroying data. Nolan destroyed records from Pentastar Aviation's personnel and payroll operations, costing the company more than US $50,000. Nolan was also ordered to pay Pentastar US $1,158. Nolan resigned from Pentastar in January 2007; the intrusion occurred in February of that year. He was then employed by the city of Ann Arbor's Information Technology Department until May 2007.
http://blog.mlive.com/annarbornews/2008/03/ann_arbor_man_to_serve_probati.html

18 March 2008 - 51-Month Sentence for Stealing Data Through Limewire
Gregory Kopiloff has been sentenced to 51 months in prison for stealing personally identifiable information of 50 people through P2P (peer-to-peer) filesharing programs. Kopiloff pleaded guilty to mail fraud, computer hacking, and aggravated identity theft. Kopiloff accessed tax returns, credit reports, bank statements and other financial documents through the Limewire filesharing program. He then obtained credit cards with the information and ran up US $76,000 in fraudulent charges. Kopiloff will be on probation for three years following his release and was also ordered to pay compensation. http://www.theregister.co.uk/2008/03/18/p2p_highwayman_jailed/print.html

13 March 2008 - Lost and Found Memory Stick Holds Police Data
A passerby in Hertfordshire, England found a memory stick in the gutter that contained confidential police information. The unencrypted data included the names and addresses of offenders as well as the types of vehicles they drive and details about their offenses. A police spokesperson acknowledged that a device was lost on March 5 and turned in several hours later.
http://www.thecomet.net/content/comet/news/story.aspx?brand=CMTOnline&category=News&tBrand=herts24
&tCategory=newscomnew&itemid=WEED13%20Mar%202008%2010%3A22%3A10%3A867

11 March 2008 - MTV Data Breach Exposes 5,000 Employees' Personal Data
A compromised Internet connection on an MTV Networks employee's computer led to a data breach that exposed personally identifiable information of approximately 5,000 MTV employees. The data include names, Social Security numbers (SSNs), and compensation information. Someone external to the company breached the files, though it is unclear whether the files were opened. MTV is conducting an internal investigation and employees have been notified.
http://www.nytimes.com/2008/03/08/technology/08data.html?_r=1&oref=slogin&ref=business&pagewanted=print

11 March 2008 - 40,000 NY Insurance Subscribers' Data on Lost Computer
Forty thousand members of HealthNow New York have been notified that their personal information was on a laptop that has been missing for several months. The data include names, dates of birth, SSNs, employer group names and health insurance identifier numbers, but not health or medical claim information. HealthNow does not plan to issue new identification numbers to all affected members, but will comply with individuals' requests to do so. The laptop was not encrypted, and the organization has severed the computer's access to the corporate network.
http://www.buffalonews.com/145/story/296415.html

10 March 2008 - Music Labels Want Irish ISP to Help Fight Piracy
Irish Internet service provider (ISP) Eircom may be compelled to take steps to prevent illegal music downloading if four major record labels have their way. The four - EMI Records (Ireland) Ltd, Sony BMG Music Entertainment (Ireland) Ltd, Universal Music (Ireland) Ltd, and Warner Music (Ireland) Ltd - have brought a High Court action in an attempt to
force the ISP to use technology specially designed to identify and stop the illegal activity. Eircom has thus far refused to employ technological filtering and blocking technologies to stop illegal downloads. One record company executive cited a 30 percent drop in sound recording sales since 2001.
http://www.rte.ie/news/2008/0310/download.html

8 March 2008 - Brothers Receive Prison Sentences for Selling Pirated Software
Brothers Maurice A. Robberson and Thomas K. Robberson have been sentenced to prison for selling pirated software online. Together, the brothers made more than US $1 million by selling counterfeit software worth more than US $6.5 million. Both men have agreed to forfeit all they earned from their business. Maurice was sentenced to three years in prison, while Thomas received a sentence of 30 months. Two other people involved on the scheme have already been sentenced. The pirated software included products from Adobe Systems, Autodesk, and Macromedia.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9067418&source=rss_topic17

6 march 2008 - Man Indicted in South Korea for Intellectual Property Crimes
A former LG Electronics employee has been arrested and indicted for giving technology from LG to a Chinese company, according to South Korean prosecutors. The man, identified only as Jeong, allegedly took a portable hard drive with information about plasma display technology when he left the company and later gave the information to his new employer, the Chinese company COC. Another former LG employee and one who still works for the company have also been indicted for assisting Jeong. LG maintains that the theft and sharing of the proprietary information could cost the company as much as 1.3 trillion won (US $1.35 billion).
http://english.donga.com/srv/service.php3?bicode=040000&biid=2008030681038

6 March 2008 - Children's Personal Data on Stolen Memory Stick
A memory stick plugged into a laptop computer stolen from a Shropshire (UK) medical center holds personally identifiable information of more than 200 children. The computer "had been fitted with encryption software to comply with ... NHS security standards" and its remote access has been disabled to prevent it from connecting to the NHS network. It also had tracking technology installed. The data on the memory stick include names, dates of birth, addresses and information about the treatment they received for speech and language therapy. Patients and their families were notified promptly.
http://www.shropshirestar.com/2008/03/05/details-on-200-children-stolen/

4 March 2008 - Judge Allows RIAA to Subpoena Univ. to Obtain Students' Identities
A federal judge has granted a request from the Recording Industry Association of America (RIAA) to subpoena the University of Arizona (UA) to surrender information identifying 14 students the RIAA believes have violated copyright law. Universities usually have 30 days to comply with the subpoenas; the RIAA is likely to contact UA within the next week. The RIAA sent 14 prelitigation letters to the university in early December; the students have been identified only as John Does. UA decided not to send those letters on to the students.
http://www.azstarnet.com/metro/228226

3 March 2008 - NJ Legislator Wants investigation Into Stolen Insurance Company Laptop
New Jersey State Senator Kevin O'Toole (R-40) has called for a hearing to investigate the circumstances surrounding the theft of a laptop that holds personally identifiable information of more than 300,000 Horizon Blue Cross/Blue Shield of New Jersey subscribers. The computer was stolen from an employee's home in January. Senator O'Toole wants to know how many other laptops hold Horizon subscriber data and wants Horizon's data privacy practices closely examined. Horizon has said that security procedures designed to protect data were not followed in this instance.
http://www.politickernj.com/o%E2%80%99toole-renews-call-immediate-investigation-horizon-blue-crossblue-shield-data-breach-16933

3 March 2008 - Encryption Pays Off for VA
Security measures put in place at the Veterans Affairs department (VA) after the widely publicized theft of computer equipment in 2006 have proven to be effective. A laptop stolen last month from the home of an employee at the VA's Austin (TX) Corporate Data Center was encrypted, and department officials knew precisely what data were on the computer. The employee had permission to have the computer at home and had locked it down to furniture. http://www.fcw.com/online/news/151810-1.html?type=pf

SAI Note: It's nice to finally see a positive awareness news story!!!

3 March 2008 - Virginia Supreme Court Upholds Spammer's Conviction
By a vote of 4-3, the Virginia Supreme Court upheld the felony conviction of Jeremy Jaynes, who in 2004 was found guilty of spamming and sentenced to nine years in prison; it was the first felony conviction for spamming in the US. Jaynes and his lawyer maintained that the Virginia law under which he was convicted violates both the
First Amendment and the interstate commerce clause of the US Constitution, but the court rejected those claims.
http://www.informationweek.com/security/showArticle.jhtml?articleID=206901389&cid=RSSfeed_TechWeb

1 March 2008 - Prison Time for Data Thieves
Two people have received prison sentences for their roles in a data theft scheme that victimized patients of the Kelsey-Seybold Clinic in Houston, Texas. Former insurance analyst Kretia Lutriel Griffin stole personal data belonging to approximately 200 of the clinic's patients. She sold them to Aubry Johnson, who used the information to open charge accounts at various stores. Johnson was sentenced to seven years in prison for access device fraud and aggravated identity theft. Griffin received a two-year sentence for conspiracy. The clinic has notified patients whose data were compromised. A clinic spokesperson said that no medical data were involved. http://www.chron.com/disp/story.mpl/headline/metro/5583753.html

25 February 2008 - Workers Often Peek at Customer Data
Documents made public in a lawsuit indicate that employees throughout Wisconsin utility company WE Energies were accessing data about friends, family members, politicians, and others. Several years ago, a WE Energies employee leaked information about a mayoral candidate. Following that incident, the company began paying closer attention to which accounts its employees were accessing; 17 people were fired between 2005 and 2007. Federal agencies are struggling with similar problems.
http://ap.google.com/article/ALeqM5ghPenZUJTE7BfSfgQbj6RX597DEAD8V019TG0
http://www.securityfocus.com/brief/687

25 February 2008 - Stolen Laptop Contained Psychiatric Patient Data
A laptop computer stolen from a NHS doctor's home in 2005 held extremely sensitive medical information about 190 psychiatric patients. The computer is one of approximately 180 devices reported missing or stolen from public institutions in the Lothians region of Scotland over the last five years.
http://news.scotsman.com/scotland/Patients39-medical--histories-stored.3811245.jp

23 February 2008 - Woman Indicted on HIPAA Violation
An Oklahoma woman has been indicted on charges of violating the Health Insurance Portability and Accountability Act (HIPAA). The federal indictment alleges that Leslie A. Howell provided patient information
from an unnamed counseling center to two individuals, knowing that they intended to use the information to commit "access device fraud" and identity theft. If she is convicted of charges against her, Howell could face up to 10 years in prison and a fine of up to US $250,000.
http://www.kten.com/global/story.asp?s=7914206

18 February 2008 - Woman Fined for Intercepting Nanny Agency eMail
A woman has been fined GBP 500 (US $975) for reading email messages from her previous employer's account. Susan Holmes had worked for a nanny agency that accepted registration forms through an AOL email account. The company neglected to change the account password after Holmes left, which allowed her access to the information. The company became suspicious after a noticeable decline in the amount of email they
received on the account in the first few months of 2007. AOL connections logs revealed IP addresses that eventually led to Holmes being identified as the culprit. Last week, she pleaded guilty to unauthorized access to a computer, in violation of section one of the Computer Misuse Act 1990.
http://www.theregister.co.uk/2008/02/18/nanny_agency_hack_conviction/print.html

16 February 2008 - Former Intern Arrested for Allegedly Accessing City eMail
A former intern for a San Jose (CA) city councilman has been arrested for breaking into the city's email system. Eric Hernandez worked as an intern for Councilman Sam Liccardo; during his work there, he created
email accounts for Liccardo's staff and knew the account passwords. Hernandez was allegedly trying to find information about another Liccardo staff member with whom he was angry; he planned to give the information to a blog and a newspaper. Hernandez faces up to three years in prison for the felony charge made against him.
http://www.mercurynews.com/valley/ci_8280565

15 February 2008 - Halifax Bank Blocks Credit Card Payments to WoW Publisher
The UK's Halifax bank has decided to block credit card payments to World of Warcraft publisher Blizzard Entertainment after noting that an unusually large number of payments being made through the company's
gaming sites involved stolen credit card information. Customers who want to subscribe to Blizzard game sites with Halifax or Bank of Scotland credit cards can contact the bank and make arrangements for the
payments to go through. It is not apparent that other banks or financial institutions have followed Halifax's lead.
http://www.theregister.co.uk/2008/02/15/halifax_blizzard_block/print.html

14 February 2008 - Nine Sued for Selling Pirated Software on eBay
The Software & Information Industry Association has filed lawsuits against nine people for allegedly selling pirated software on eBay. The lawsuits were filed on behalf of Symantec and Adobe as part of SIIA'a Auction Litigation Program, which offers rewards in the form of credit toward legitimate copies of software to people who turn in those selling the counterfeit software. The SIIA's antipiracy program has already helped them catch other sellers of counterfeit software.
http://www.channelregister.co.uk/2008/02/14/ebay_pirate_auctions/print.html

14 February 2008 - Bloodbank Donor Information on Missing Computers
Approximately 320,000 people who donated blood through Lifeblood in Memphis are at risk of identity fraud after two laptop computers were reported missing from the company. Lifeblood has enhanced its security practices since the incident. Areas where laptops are kept now have more stringent access restrictions as well as closed circuit monitoring. Software installed on company laptops allows their locations to be tracked remotely and provides a means for erasing the computers' hard drives should they be lost or stolen. Finally, the company has altered the programming so that complete Social Security numbers (SSNs) are not downloaded to mobile computers. The missing computers were reported to Lifeblood management in early January; the company decided to refrain from making the incident public knowledge until all affected donors had been notified.
http://www.sunherald.com/447/story/368296.html

14 February 2008 - Woman Sues Best Buy for US $54 Million Over Lost Laptop
A woman has filed a US $54 million lawsuit against Best Buy for losing her computer. Raelyn Campbell acknowledges that the amount far exceeds replacement cost and compensation, but she wants to draw attention to the reprehensible state of consumer property and privacy protection at" Best Buy. Campbell says that her computer was stolen from the Best Buy store and that employees falsified records to hide that fact. She also says they lied to her for weeks about the status of her computer. Campbell brought her computer in for repairs in May 2007, and filed the lawsuit in mid-November.
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206504123

12 February 2008 - Unencrypted UK Army Laptop Left in Pub
A UK Army captain left a laptop computer containing sensitive information in a pub. The unencrypted data include personal information pertaining to more than 200 soldiers, military exercises information and weapons store locations. Cabinet Secretary Sir Gus O'Donnell recently ordered that laptops containing unencrypted data not be removed from government offices. The laptop was handed in by the person who found it in the pub.
http://www.thesun.co.uk/sol/homepage/news/article791210.ece

11 February 2008 - Spanish Police Arrest 76 for Internet Fraud
Seventy-six people arrested by Spanish police are believed to have stolen more than 3 million Euros in a variety of Internet fraud schemes. Some of the suspects allegedly sold expensive merchandise on auctions sites but never sent the items. Other suspects allegedly used stolen bank account information, probably stolen in a phishing scam, to siphon money into their own accounts.
http://www.theregister.co.uk/2008/02/11/spanish_police_fraud_crackdown/print.html

11 February 2008 - Russian Computers Sending an Increasing Share of Spam
Experts at SophosLabs scanned all spam messages received in the company's global network of spam traps, and found a dramatic rise in the proportion of the world's spam messages being sent from compromised Russian computers. Russian now accounts for one in twelve junk mails seen in inboxes. Between October-December 2007, the USA relayed far more spam than any other country, because so many US computers have been taken over by remote hackers.
http://www.sophos.com/pressoffice/news/articles/2008/02/dirtydozfeb08.html

7 February 2008 - South Bend Hospital Employee Data on Missing Computer
A laptop computer holding personally identifiable information of approximately 4,300 current and former employees of Memorial Hospital in South Bend, Indiana was lost last November. The data were on an employee's computer that was lost while she was traveling; the computer was not encrypted.
http://www.wsbt.com/news/local/15408791.html

29 January 2008 - Go Phish: Watch Out For These 10 Scams
Fools and their money have never been more quickly parted than in cyberspace. Here's a list of top phishing scams to avoid.
http://newsletter.crn.com/cgi-bin4/DM/y/eBGgJ0IMYEL0ElQ0Fm4i0E2

13 January 2008 - Malware Hiding on Digital Devices
There have been three reports of consumers who found that digital picture frames attempted to install malware on devices connected to the frame.  The frames were sold in different branches of the same store,
suggesting that the source of the infection was the factory or some point during shipping. The malware appears to be a Trojan horse program that hides itself like a rootkit once on a computer and tries to disable the computer's ability to access anti-virus tools. The incidents illustrate the necessity for users to be wary of all digital devices with onboard memory.  There have also been reports of hard disk drives
and digital music players attempting to install malware on computers. These incidents appear to have been accidental, related to the manufacturing process, but some believe it is just a matter of time before such infections are intentional and malicious.  It is also possible that the items were purchased and returned, which would make it possible for someone to install malware on a device and then return it.
http://www.securityfocus.com/news/11499

10 January 2008 - Former Cox Employee Gets Prison Time for Causing Outage
William Bryant has been sentenced to five months in prison and five months of home confinement for sabotaging his former employer's computer system.  He was also ordered to serve two years of supervised release, perform 200 hours of community service, and pay more than US $15,000 in restitution.  Bryant worked at Cox Communications, which provides computer and telecommunications services across the US.  When Bryant was asked to resign from Cox, he remotely shut down parts of the company's network, which resulted in loss of services to customers in Texas, Las Vegas, New Orleans, and Baton Rouge.  In some cases, 911 emergency services were affected as well.  The services were back up within hours of the attack.
http://www.northfulton.com/Articles-i-2007-12-27-169168.112113_Norcross_hacker_sent_to_prison.html

3 January 2008 - Stolen Laptops Hold Nashville Voter Data
Two laptop computers stolen from the Metro Office Building in Nashville, Tennessee, hold the SSNs of approximately 337,000 Nashville voters; the data are not encrypted.  The break-in was discovered after a security guard noticed the building was unusually cold; the thieves had broken a window to gain access to the building.  The video recorder that could have captured evidence had been unplugged.  The guard who was on duty at the time of the theft has been fired.  The Davidson County Election Commission and two other departments questioned by the Metro Council's Public Safety Committee about the incident say they have stepped up physical security and have removed voters' SSNs from laptops.  Alarms have been placed on video recorders to alert staff.  There is some confusion as to whose responsibility it was to encrypt the data.  The election commission plans to establish a procedure for making sure laptops are secured after business hours. The Davidson County Election Commission is offering free identity theft protection to affected voters.
http://www.tennessean.com/apps/pbcs.dll/article?AID=200880103134

3 January 2008 - Teen Draws 90-Day Sentence for Internet Service Disruption
A Wisconsin teenager was sentenced to 90 days in jail for breaking into a computer network and cutting off Internet access to residents of the Marshfield, Wisconsin area for 18 hours last April. Shaun Lancaster was granted work-release status for his term. He was also ordered to serve three years probation and to pay restitution of approximately US $6,000.
http://www.thenorthwestern.com/apps/pbcs.dll/article?AID=/20080103/OSH/80103040/1987

2 January 2008 - German Justice Minister Denies Music Companies Access to Data for Civil Cases
German Justice Minister Brigitte Zypries says that the music industry does not have the right to demand stored Internet data to pursue its copyright violation allegations in civil cases. Only police and the public prosecutor's office may use the stored data.
http://www.heise.de/english/newsticker/news/101210

1 January 2008 - Malware Development Outpacing Anti-Virus
Protecting computers from malware infections requires a combination of anti-virus products, firewalls, tools that detect behavioral anomalies, and good old-fashioned human caution.  Anti-virus alone cannot do the
job because malware purveyors are growing skilled at releasing new variants that won't immediately be detected by signature-based anti-virus products.  There are tools available on the Internet that allow users to test whether pieces of code are detectable by different anti-virus systems.  Some malware creators have reportedly even set up their own laboratories to ensure that their latest releases will have time to infect computers before anti-virus companies learn of the new malware's existence.
http://www.computerworld.com/action/article.do?command=printArticleBasic&articleId=9054758

27 December 2007 - Alleged Source Code Thief Arrested
A woman has been arrested and is being held on charges that she allegedly stole US $12 million worth of sensitive data from her former employer, Hinjewadi (India) based 3DPLM Software, just days before
leaving her job there.  Anjali Sharma allegedly used her work computer to send source code to her husband.  Sharma's alleged actions violate a non-disclosure agreement she signed when she began work at 3DPLM. http://www.dnaindia.com/report.asp?newsid=1141842

27 December 2007 - List Identifies Dubious Music Download Sites
The Center for Democracy and Technology (CDT) has released a list of 34 websites it says are misleading users by implying that mainstream music can be downloaded from them.  The sites charge subscription fees, which users may assume are used to pay royalty costs, but the listed websites have not obtained the necessary licensing agreements to distribute the music.  Instead, users are provided peer-to-peer file sharing software, which is often available at no cost elsewhere, and given instructions on using filesharing networks.
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=205203862

26 December 2007 - Disk Containing UK Police Data Found at Recycling Center
An obsolete computer that had been sent out to be recycled was found to contain personally identifiable information of an unspecified number of employees, including police officers, of Devon and Cornwall (UK) Police. Assistant Chief Constable Bob Pennington has issued an apology and says the incident is under investigation.  Normally, disks are wiped clean before computers are sent to be recycled.  The disk containing the information was found by a man looking for parts at a recycling center.
http://news.bbc.co.uk/2/hi/uk_news/england/devon/7160490.stm

22 December 2007 - Identity Thief Targets Municipal Court Website
An identity thief apparently entered random Social Security numbers (SSNs) into the Franklin County (Ohio) Municipal Court website, hoping to find a match.  According to police, the thief stole personally
identifiable information, such as names, ages and addresses of hundreds of people, and used the information to open bank accounts and credit cards.  The site contains information about people convicted of misdemeanors; the data theft affects people from Ohio, Kentucky, South Carolina, Texas, and Wyoming.
http://www.coshoctontribune.com/apps/pbcs.dll/article?AID=/20071222/NEWS01/712220309/1002

     
© 1999-2008 Security Awareness, Inc. All Rights Reserved  :  Privacy Statement
Contact Us     Site Map